2 matches found
CVE-2023-22975
A cross-site scripting XSS vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html...
CVE-2023-22975
CVE-2023-22975 is a cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 where a crafted payload placed in the email parameter of the /front/person/profile.html endpoint can cause arbitrary web scripts/HTML to run in a user’s browser. RedHat/CNNVD/OSV/NVD entries corroborate the issue; r...